def process(self):
"""Add or replace CVE node in graph."""
# Create EPV nodes first and get a list of failed EPVs
# If any of the EPV creation failed, then do not attempt further processing
succesfull_epvs, all_epvs_succesfull, affected_pkgs = self.create_pv_nodes(
)
logger.info("PV nodes created for snyk")
if all_epvs_succesfull:
for vulnerability in self._snyk_pkg_data.get('vulnerabilities'):
try:
# Create CVE node
call_gremlin(
self.prepare_payload(
*self.get_qstring_for_cve_node(vulnerability)))
except ValueError as e:
logger.error(
'Snyk CVEIngestionError - Error creating CVE node: {c}'
.format(c=vulnerability['id']))
raise InternalServerError(
"Snyk CVEIngestionError - "
"While Error creating CVE node.") from e
else:
if len(vulnerability.get('affected')) > 0:
try:
# Connect CVE node with affected EPV nodes
edge_query = add_affected_snyk_edge_script_template
edge_bindings = self._get_default_bindings(
vulnerability)
for vuln_version in vulnerability.get('affected'):
edge_bindings['vuln_version'] = vuln_version
call_gremlin(
self.prepare_payload(
edge_query, edge_bindings))
logger.info(
"Snyk CVEIngestionDebug - CVE sub-graph succesfully "
"created for CVE node: {c}".format(
c=vulnerability['id']))
logger.info(
"Updating non cve latest version (snyk)")
update_non_cve_version(affected_pkgs)
except ValueError as e:
logger.error(
"Snyk CVEIngestionError - Error creating CVE edges."
"Rolling back CVE node: {c}".format(
c=vulnerability['id']))
call_gremlin(
self.prepare_payload(
snyk_roll_back_cve_template,
self._get_default_bindings(vulnerability)))
raise InternalServerError(
"Snyk CVEIngestionError - "
"While creating CVE edges.") from e
else:
logger.error(
'CVEIngestionError - Error creating EPV nodes for package: {e} {p}'
.format(e=self._snyk_pkg_data.get('ecosystem'),
p=self._snyk_pkg_data.get('package')))
raise InternalServerError(
"CVEIngestionError - While creating EPV nodes for package.")
def process(self):
"""Add or replace CVE node in graph."""
# Create EPV nodes first and get a list of failed EPVs
# If any of the EPV creation failed, then do not attempt further processing
succesfull_epvs, all_epvs_succesfull, affected_pkgs = self.create_pv_nodes()
if all_epvs_succesfull:
try:
# Create CVE node
call_gremlin(
self.prepare_payload(*self.get_qstring_for_cve_node())
)
except ValueError:
logger.error('CVEIngestionError - Error creating CVE node: {c}'.format(
c=self._cve_dict['cve_id']))
else:
try:
# Connect CVE node with affected EPV nodes
for query_str in self.get_qstrings_for_edges():
call_gremlin(self.prepare_payload(query_str, self._get_default_bindings()))
logger.debug("CVEIngestionDebug - CVE sub-graph succesfully created for "
"CVE node: {c}".format(c=self._cve_dict['cve_id']))
logger.info("Updating non cve latest version")
update_non_cve_version(affected_pkgs)
except ValueError:
logger.error("CVEIngestionError - Error creating CVE edges."
"Rolling back CVE node: {c}".format(c=self._cve_dict['cve_id']))
call_gremlin(self.prepare_payload(cvedb_roll_back_cve_template,
self._get_default_bindings()))
else:
logger.error('CVEIngestionError - Error creating EPV nodes for CVE node: {c}'.format(
c=self._cve_dict['cve_id']))
def test_update_non_cve_version(mock1):
"""Test update_non_cve_version function."""
input = {
"lodash": {
"latest_version": "1.1.1",
"ecosystem": "pypi",
"latest_non_cve_version": "1.1.1"
},
"request": {
"latest_version": "1.1.2",
"ecosystem": "pypi"
}
}
mock1.return_value = {
"result": {
"data": ["blahblah"]
}
}
res = update_non_cve_version(input)
assert res == "Success"
mock1.return_value = {
"result": {
"data": []
}
}
res = update_non_cve_version(input)
assert res is None